New Release: Tor Browser 9.0.5

Tor Browser 9.0.5 is now available from the Tor Browser download page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 68.5.0esr, NoScript to 11.0.13, and on desktop, Tor to 0.4.2.6. We also added a new default bridge and backported a few improvements from the alpha series.

The full changelog since Tor Browser 9.0.4 is:

  • All Platforms
    • Update Firefox to 68.5.0esr
    • Bump NoScript to 11.0.13
    • Bug 32053: Fix LLVM reproducibility issues
    • Bug 32255: Missing ORIGIN header breaks CORS
    • Bug 32891: Add new default bridges
  • Windows + OS X + Linux
    • Bump Tor to 0.4.2.6
  • Windows
    • Bug 32132: Re-enable jemalloc for Windows users
  • Build System
    • All Platforms
    • OS X
      • Bug 33200: Fix permissions on bookmarks.html
Anonymous

February 14, 2020

Permalink

Recently I had to start using a bridge, otherwise I couldn't open websites. This is happening in Portugal.

A bridge should not affect opening websites once you are connected to Tor. A bridge is supposed to help if you can't connect to Tor at all. The first connection to Tor is shown by a progress bar before the browser opens. If you can connect Tor without a bridge, then the websites that wouldn't open probably were blocking the exit node (last node) of your circuit. In that situation, the proper thing to do is click on the lock icon in the address bar -> blue button New Circuit for this Site. If other websites open, then that one website is blocking Tor.

https://tb-manual.torproject.org/managing-identities/
https://support.torproject.org/tbb/tbb-29/
https://support.torproject.org/misc/glossary/#new-tor-circuit-for-this-…
https://support.torproject.org/tbb/

Anonymous

February 15, 2020

Permalink

I'm seeing this error in Android 10 when I try to connect via bridges and it just can't connect:

"- WARN: Managed proxy at '/data/app/org.torproject.torbrowser-KiFX6x3o-sapD1j17SI96w==/lib/arm64/libObfs4proxy.so' reported: error: "/data/app/org.torproject.torbrowser-KiFX6x3o-sapD1j17SI96w==/lib/arm64/libObfs4proxy.so": executable's TLS segment is underaligned: alignment is 8, needs to be at least 64 for ARM64 Bionic
- WARN: Pluggable Transport process terminated with status code 6"

What's that about?

Anonymous

February 18, 2020

Permalink

When I navigate in my browser to:

about:networking#http

I see port ocsp.digicert.com on port 80.

Isn't this kind of a leak of sorts?

Anonymous

February 19, 2020

Permalink

Can a Tor browser user configure how often exit nodes are changed?
I need longer time with the same IP address...

> Can a Tor browser user configure how often exit nodes are changed? I need longer time with the same IP address...

Timeout length of stale circuits could be interesting if you also consider the thread about referers on page 1. https://blog.torproject.org/comment/286734#comment-286734 For instance, how much information is a fresh second exit told about your session on the same domain that was on its stale first exit? People spend a lot longer than 10 minutes on some sites.

This page has some information about this:
https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user…

On Windows and Linux you can find the profile directory inside the Tor Browser directory, in Browser/TorBrowser/Data/Browser/profile.default/. On macOS it is in a TorBrowser-Data directory: https://tb-manual.torproject.org/uninstalling/

You might also be able to set the TOR_SKIP_LAUNCH=1 environment variable to start Tor Browser without connecting to Tor, and then use the browser to export bookmarks.

Anonymous

February 21, 2020

Permalink

I am unable to download the latest TOR browser update as I cannot connect to the main web page or the download page on any browser; I receive an error stating that a secure connection could not be established, and that the security certificate exceeds the maximum length. All of my browsers are up to date and all of them give the same error. Is this still an issue on my end or is it something that needs to be fixed on the website itself?

Anonymous

February 21, 2020

Permalink

Since the 12 February Tor update I can no longer access my ProtonMail account, but have no problem if I go through regular Firefox. The login screen just cycles endlessly, and I also get a pop-up message across the top that says a web page is slowing down my browser - even if nothing else is open whatsoever.

Also can't make the Tor browser the default.

Any ideas on how to fix these issues?

Anonymous

February 22, 2020

Permalink

Unable to click on checkboxes and unable to highlight & copy with new Tor update.

Anonymous

February 23, 2020

Permalink

Hi! New to TOR!

This isn't working for me: "api ms win crt convert 1-1-0 dll is missing"

Please advise.
Thanks

Change your security level shield to Safer or Standard, and open the video page. You will see a yellow panel with a blue "S" covering video players. That's NoScript doing its job. Click the yellow panel on a player to pop-up a blue dialog window where you can allow the [MEDIA] tag so videos will play. If the blue window doesn't work on Standard, you may have to open NoScript's options and set a custom, temporary (clock icon) permission to allow [MEDIA] on that first-party domain (youtube.com) and/or the third-party domain that hosts the video file (Youtube is a third party on sites that embed youtube videos into their pages). If you want to allow everything from a domain, simply click "Temp. Trusted". Don't change anything in NoScript unless you have familiarized yourself with it already in browsers like Chrome or Firefox because customized configurations can make you distinguishable on Tor. You can reset NoScript's per-site permissions to Tor Browser default by changing your security level shield.
https://tb-manual.torproject.org/security-settings/
https://noscript.net/

If you're getting CAPTCHAs or "Our systems have detected unusual traffic from your computer network" (a different issue from above), either wait ten minutes and try again, or click ⓘ (i) in the address bar -> "New Circuit for this Site", or click the New Identity broom icon next to the address bar. Then, try opening Youtube again. I seem to have better luck if I open youtube's home page before I open a video page.

As always, read Tor Project's Support and Documentation.
https://support.torproject.org/
https://tb-manual.torproject.org/managing-identities/

More answers:
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlo…
https://duckduckgo.com/?q="tor"+"unusual+traffic+from+your+computer+network"
https://duckduckgo.com/?q="unusual+traffic+from+your+computer+network"

Really great answer; thank you!

I rarely try to watch videos myself, but when I try to encourage others who need Tor but do not yet recognize the fact that they need Tor to try Tor Browser, the most common complaint I hear is "Youtube didn't work".

@ Tor Project:

Please, please, please: as we all recall, the long-promised site revamp did NOT go down well with the user base and did not help resolve the difficulty of finding the most recent and best advice on how to use Tor. I ask that someone be assigned to try again.

Please bear in mind:

  • informational pages should always begin with "last updated on [date]"
  • each page should
    • begin with concise presentation of the most useful information
    • drill down into more complex issues second
    • add important caveats and warnings as needed
    • be edited by someone who tries to mimic the mental state of a possibly confused or frustrated newbie which "just wants this thing to work", and who might not yet be ready to hear about all the awful FAILS more experienced users are familiar with

Further suggestions:

  • Google Summer of Code intern can try to write a good/safe TB friendly site search?
  • I think the way Tails organizes its documentation is smart and effective

BTW, in the blog preview does not work. Plus NSA must find it very informative to watch posters manually write HTML code.

> begin with "last updated on [date]"

Wikis and generally most places that have those put it in the footer. Tor Project's Trac wiki does too.

> begin with concise presentation of the most useful information
> drill down into more complex issues second

https://en.wikipedia.org/wiki/BLUF_(communication)
https://en.wikipedia.org/wiki/Spiral_approach
https://en.wikipedia.org/wiki/Inverted_pyramid_(journalism)

However, in a documentation paradigm, the information is a reference rather than an interjection like a press release. Reference documents can't predict what the reader will be asking or looking for, so instead, they organize by category and/or prioritize by what readers most frequently ask. For another example, look at https://docs.python.org/

Others have proposed search features:
https://trac.torproject.org/projects/tor/ticket/24376
https://trac.torproject.org/projects/tor/ticket/32932

Yes to everything else you said. This thread should be forwarded to the Website team.

Anonymous

February 23, 2020

Permalink

I'm using Tor version 9.0.5 on android phone using Android 9. Is there a way to view Tor logs regarding server names? I slide the screen to the left while connecting to read the logs but towards the end everything closes so fast that I cannot read anything about what country I'm connected to or what servers I'm using etc. Thank you!

Anonymous

February 24, 2020

Permalink

I was surprised to find by default that there was no tick in "Prevent accessibility services from accessing your browser" considering what it says on this webpage about third party applications may be monitoring your web surfing activity.

Am I missing something?, like you have already disabled it all by default in about:support ?.

Third party applications may be monitoring your web surfing activity
considering it says

What is the impact of having Firefox Accessibility Service enabled?

Firefox Accessibility Service may negatively impact Firefox browsing performance

Third party applications may be monitoring your web surfing activity

Firefox stability may be adversely affected

I tried to preview this post but I could not see it even even though I allowed NoScript, does it work?.

Thanks boklm,

that is understandable, it's good to read that they are looking for Mozilla to fix this.

Could you possibly post a link to problems, advisories about things like this in the future (which may leave people open to tracking or other potential privacy leaks) and place a link on the the Tor download pages and at the top of each new Tor release blog post, so that people can take the necessary steps to work around any new problems until they get fixed? as finding out about things kike this often take a lot of digging to find and most users will probably just go ahead and start browsing.

Otherwise I and other users tend to just stubble across these things, if at all, which are often already known about, but not by the average user who may possibly never even visit the Tor blog, ot other sites, I didn't notice that setting in "Options, Privacy & Security, Permissions section, Prevent accessibility services from accessing your browser checkbox" for a day or two. so it was left turned on.

It is not clearly marked in Firefox (as to what it leaves you open to) until you click further to investigate it.

I think considering that it presently leaves you open to being tracked that Mozilla should separate it and list it under Privacy and Third Party Tracking Data along with its other interned use as it is easily missed, even though I have viewed that setting a few times already I still had to look up where to find it again today after failing to find it again, ts to well hidden sitting at the end of a list looking all Innocent.

Thanks

This option not being checked does not leave you open to being tracked.

This option can prevent a malicious program from monitoring the browser using accessibility services. But a malicious program probably could do it in other ways too, so it's unclear whether this option offer much protection.

Ok thanks, I guess I took "Third party applications may be monitoring your web surfing activity" to just mean tracking in general terms.

One unrelated problem which I came across the other day is:

[Show all bookmarks] if you type or paste a search term into the search box then click on it to edit it (because you spelt it wrong) or if you click on a white area of the search box it highlights the entire search term which then it freezes it, you can not un-highlight it by clicking on the white space or the word, you can't even use backspace, all you can do is delete it.

I did find one way out of it today though, if you use the arrow keys after you highlight it, it will un-highlight it and you can then edit away as normal, it does need fixing though.

Anonymous

February 26, 2020

Permalink

Dont know if its the right place, but still post it here.
in android version of torbrowser, the default language setting is "System default", which causes the system language to appear in the HTTP accept headers. For less populus languages this effectively makes torbrowsers fingerprint quite unique, at least according to panopticlick.
Changing intl.accept-language to something more common like en-Us, en seems to correct it.

Anonymous

February 26, 2020

Permalink

Noscript does not save my "trusted" settings. Every time I load TOR I have to go into Noscript options, trusted, and re-disable the "media" setting.
Even then can't really trust the noscript settings to do what they say. I had 3 tabs loaded each with different "temp trusted" settings, and then the noscript menu went blank, displaying that blankness in a larger noscript window i hadn't seen before.

> the noscript menu went blank, displaying that blankness in a larger noscript window i hadn't seen before

The toolbar icon's list often opens empty for me. Move your mouse arrow up and down on the blankness, and the lines of permissions should appear. I don't know why it happens.

Anonymous

February 28, 2020

Permalink

My TOR Browser is not never default my browser! may-be is not possible to save configuration.
Have you some ideas? I must reload again TOR 9.0.5 ?

Anonymous

February 29, 2020

Permalink

Avast report virus on this version 9.0.5: Win64:Evo-gen in nssdbm3.dll and mozi....dll(forget the name)

Anonymous

March 04, 2020

Permalink

Hi
in version 9.0.5 every time i start Tor browser the size of the browser's window, zoom setting of websites and many more setting keep resetting to default values
I enabled history, put browser in standard security mode and disabled "always in private mode" option
but problem still exist
please help me with this